lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9367cc2f-5ce9-0443-bb87-66198d437061@redhat.com>
Date:   Fri, 4 Nov 2016 17:46:07 +0100
From:   Hans de Goede <hdegoede@...hat.com>
To:     Jacek Anaszewski <j.anaszewski@...sung.com>,
        linux-leds@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org,
        Sakari Ailus <sakari.ailus@...ux.intel.com>,
        Pavel Machek <pavel@....cz>, Andrew Lunn <andrew@...n.ch>
Subject: Re: [PATCH] leds: Add mutex protection in brightness_show()

Hi,

On 04-11-16 17:06, Jacek Anaszewski wrote:
> Hi Hans,
>
> On 11/04/2016 12:53 PM, Hans de Goede wrote:
>> Hi,
>>
>> On 04-11-16 08:52, Jacek Anaszewski wrote:
>>> Initially the claim about no need for lock in brightness_show()
>>> was valid as the function was just returning unchanged
>>> LED brightness. After the addition of led_update_brightness() this
>>> is no longer true, as the function can change the brightness if
>>> a LED class driver implements brightness_get op. It can lead to
>>> races between led_update_brightness() and led_set_brightness(),
>>> resulting in overwriting new brightness with the old one before
>>> the former is written to the device.
>>>
>>> Signed-off-by: Jacek Anaszewski <j.anaszewski@...sung.com>
>>> Cc: Hans de Goede <hdegoede@...hat.com>
>>> Cc: Sakari Ailus <sakari.ailus@...ux.intel.com>
>>> Cc: Pavel Machek <pavel@....cz>
>>> Cc: Andrew Lunn <andrew@...n.ch>
>>> ---
>>>  drivers/leds/led-class.c | 3 ++-
>>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/leds/led-class.c b/drivers/leds/led-class.c
>>> index 731e4eb..0c2307b 100644
>>> --- a/drivers/leds/led-class.c
>>> +++ b/drivers/leds/led-class.c
>>> @@ -30,8 +30,9 @@ static ssize_t brightness_show(struct device *dev,
>>>  {
>>>      struct led_classdev *led_cdev = dev_get_drvdata(dev);
>>>
>>> -    /* no lock needed for this */
>>> +    mutex_lock(&led_cdev->led_access);
>>>      led_update_brightness(led_cdev);
>>> +    mutex_unlock(&led_cdev->led_access);
>>>
>>>      return sprintf(buf, "%u\n", led_cdev->brightness);
>>>  }
>>>
>>
>> I'm afraid that this fix is not enough, the led_access lock is only
>> held when the brightness is being updated through sysfs, not for
>> trigger / sw-blinking updates (which cannot take a mutex as they
>> may be called from non blocking contexts).
>>
>> We may need to consider to add a spinlock to the led_classdev and
>> always lock that when calling into the driver, except for when
>> the driver has a brightness_set_blocking callback. Which will need
>> special handling.
>
> led_update_brightness() currently has two users besides LED subsystem
> (at least grep reports those places):
>
> 1. v4l2-flash-led-class wrapper, for which led_access mutex was
>    introduced. Its purpose was to disable LED sysfs interface while
>    v4l2-flash wrapper takes over control of LED class device
>    (not saying that the mutex wasn't missing even without this
>     use case). Now I've realized that the call to
>     led_sysfs_is_disabled() is missing in this patch.
> 2. /drivers/platform/x86/thinkpad_acpi.c - it calls
>    led_update_brightness() on suspend
>
> I think that the best we can now do is to add
> lockdep_assert_held(&led_cdev->led_access) in led_update_brightness()
> and a description saying that the caller has to acquire led_access
> lock before calling it. Similarly as in case of
> led_sysfs_disable()/led_sysfs_disable().

The problem is not only callers of led_update_brightness() not holding
led_cdev->led_access, the problem is also callers of led_set_brightness
not holding led_cdev->led_access and they cannot take this lock because
they may be called from a non-blocking context.

Regards,

Hans

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ